Currently, we store a hash (e.g. SHA1) or a CRC (e.g. CRC32) additionally to the payload data. This allows to find out reliably whether the key and IV used to decrypt the data are correct (e.g. to find out whether the password provided by the user opening the key-store was correct). However, this is not good protection against data manipulation. An attacker could theoretically change both the data and the checksum inside the ciphertext (without the need to decrypt it!) in a way that would be undetected.
The solution to this problem is a MAC - http://en.wikipedia.org/wiki/Message_authentication_code - and there is BouncyCastle lightweight API available. We need to integrate this into our CryptoRegistry as a simple-to-use MAC API (similar to the Cipher API) and use it everywhere where we encrypt data, i.e.:
* Inside the key-store.
* When sending keys from key-manager to app-server.
* Inside the persistent records (=> CryptoManager-impl).